Broadcom Payment Security Reviews

I think the performance from my organization's perspective is excellent in terms of minimizing the friction on genuine transactions with genuine customer, whilst optimizing the bad transactions, the fraudulent transactions that it stops. It achieves a tremendous balance.

Customers want to be able to use their cards online in a manner which is fast but secure and minimizes friction, so the solution that we have from CA means we can achieve that objective.

I've been using them now for a couple of years, but have been using similar solutions for over 15 years.

I'd say it's been consistently stable, very minimal downtime, absolutely. We've been really happy with that.

Certainly, our experience has been that as the business has grown in terms of volume, but also we've put other countries, other regions across the world onto the solution as well, which is added volume. I've not experienced any issues with that increased volume, so I'd have to say yeah, it's meeting our scalability needs.

This is the one area where there's room for improvement. This is information I've fed back to CA already. I think that is the one area where improvements can be made in terms of speed of response, in terms of quality of response, and in terms of more so a proactive problem monitoring.

This is a particular area of CA strength, is their customer focus, ability to work with you and change. I talked earlier about working with CA to deliver an innovative solution that works across multiple geographies. I've found in other solutions, it's more of a kind of one-size-fits-all approach, less customer-focused. You know, "This is our solution and you need to change to use it," as opposed to the CA approach was much more flexible and responsive to change.

That's a difficult one for me to answer, because from most customers' perspective, it would be quite straightforward. We have a very complex business in terms of the countries that we operate in, meaning that we need to offer the solution in multiple different languages. We're in different markets that have different regulation, each one has different regulation, so there's a lot of challenges there for our business, but I think CA have done a really good job in terms of helping us through that, so we've managed to keep a standard solution that fits all of the needs of those different markets. I think we've got quite an innovative solution as well for those customers that may be looking to operate in multiple countries as opposed to one particular market.

I would certainly recommend CA over other solution providers in this space for the reasons that I mentioned in terms of being very flexible and responsive to the customer's needs, having that experience now of being able to operate across multiple geographies, and looking to constantly invest and improve the performance of the solution as well.

I think that many of them are on the roadmap already in terms of making the solution work better in the mobile space, investing in collecting device information, more device information, more transaction information to improve the predictability in terms of the score of transactions to keep increasing the percentage of transactions that don't require customer authentication, while stopping more of the fraudulent ones and trying to get that balance as optimal as possible. Investing in the science behind that, the data behind that, making it work with more and more types of devices, bringing in touch ID, bringing in other forms of biometrics as well to make that customer journey much easier.

I would rate it with a nine right now, and I think the reason for that is I do think there's room for improvement in the technical support space. I think if CA can get that right, it could easily be a 10 right now.

I work under fraud analytics. So I use this product to extract cases from there and then send it to Ops to review and analyze. Then mark it as either fraud or genuine. And if we get bad IPs from there, I add it up to our negative IP list. So it's pretty useful operation wise, and also in terms of some inquiries from us, if a customer is disputing they didn't receive an OTP password on their online transaction, and then they're disputing that it's not theirs, and it's unauthorized, but it was a successful transaction,

I use this product to see the customer's previous IP addresses. If they used it genuinely before then we ask them again, that this IP address or this device was used genuinely on these so and so days. And how come they say it's unauthorized. Maybe check if it's your son who used your phone or so forth.

In other scenarios we would require if you are saying someone has ported your phone to get the OTP from your phone, please get a certificate from your network, something like that.

It's pretty useful for our daily online pretty secure needs. So I don't know yet, I don't know yet. I'm still new as an analyst, but if I had wish it would be this one, this authentication for fingerprint and face would be promising.

That will solve my problems with a customer saying they didn't authorize, they didn't sent that OTP, when in fact we saw that it's a successful one, and how can you prove that it wasn't you? Yeah. Will solve that problem.

I don't have any issues with stability.

They quickly respond to me, whenever I need help. It's not a show stopper for me, per se, but currently I know there's an issue with an IP address change that my colleagues in Manila can't access their website. They've been using it for five years though. But it's a conversation between the IP and the technology head in Manila to explain why their IPs has changed.

For me they're really quick. if I need my password change, or I ask something urgently, I can get it.

The valuable element is the data that I have. They have a lot of machine fingerprint data and that's data that we miss on non-3D Secure card not present transactions. We see a high value in that. With all the fraud rules that we built, we have a very good false positive ratio because of the big data that CA has.

We are using CA Transaction Manager for authentication and have CA's Risk Analytics for rules and case management. As an authentication method, we currently have static password + OTP via SMS (2-factor) and softOTP in our App. SoftOTP is an OTP generator within our own banking app delivered by CA. Soon we are going to migrate from SoftOTP to a new sdk that includes biometrics, also delivered by CA.

For CA Risk Analytics, we would like to have some statistics available, to do some counting on the number of transactions for example. Also, to have the ability not only for 3D Secure, but accross all online channels. Online banking and App.

Because then you would have three online channels. You would have the same device data, so you can combine it. So then you would have an online banking platform, an app, and 3D Secure all from one supplier. This supplier would support all of our authentication methods across those three channels.

That's our ultimate goal to have one supplier to support all three online channels.

It's very stable. I know in the beginning when moving from static password to soft OTP there were some bugs. But that's normal. With every new solution, you have to tweak.

Within the Netherlands, if I can speak about the Dutch market, a lot of Dutch internet merchants support 3D, but on a scale of all card not present transactions, only 25 to 30% of the merchants are 3D Secure for card not present transactions. But we would like to see that moving further so that all card not present merchants support 3D Secure.

This is very good. We have been in contact because the technical team is in India, so we have a lot of contact with the people over there.

Sometimes, there is a bit of language issue of understanding problems. But normally, project managers who are there to deal with our issues speak very good English and there's a good relationship there.

I think in some migrations from static password to SoftOTP, there was a large impact on cardholders. We also did a biometrics pilot together with MasterCard and CA and it went very smoothly.

Card holders have to step up for authentication. The fraud rates dropped for card not present fraud. We see that the non-3D Secure fraud is rising as well as account takeovers. That's why I think it's very good to have such a product in place.

When selecting a vendor, I want them to be straightforward, do a lot of innovation, and be a step upfront of the issues as needed. I think those are the most key and important things that we expect.

It's the security and protection it offers our customers. They trust it. I know sometimes people will say that verified by Visa can be an inconvenience, but our customers like to use it. They like to see it on the screen, so that is a big benefit for our customers.

Where we are based, we are very rural, so the mobile phone signal can be very poor. There's something like adding LTP to your landline would be perfect for a lot of our customers.

That's the one complaint we have had is the lack of mobile signal. They won't get their LTP so that would be a big step forward for us. It's something we've discussed with CA. They know that it's something we're interested in so hopefully we'll work with them on that in the future. That will be a big plus.

It's more the fact the mobile signal isn't that great and you've got to move with the times. SMS technology is the way to go. If there's something unique that we could offer our customers, that would give them the confidence in us as a business. That would really help.

Apart from that, I've got no negatives to say really. It's just if they could offer something specific for our customer base. That would be really good.

We have used this solution about five or six years now.

That's one of the things in the contract is the SLAs and they ticked the box every time. So I have no concerns around that whatsoever. They're spot on.

It has grown. We moved from the initial implementation to use LTPs just a year and a half ago so that was part of the same solution.

Again, that's been a big win with our customers and that is more scope for us to move on with regulation over the next year to a year and a half, so definitely CA offer what we need.

We don't get in touch with them that often because the service is so good. But the email contact is spot on. We get a quick turnaround.

We do get advised of upgrades well before anything happens. So far, with the limited touch point we've had with them, I can't fault them either.

That's a difficult one for me because I wasn't with the firm when implementing the first rollout. But the second phase was very good. The support that we got from the project side for the business was excellent.

I can only assume it was as good first phase. Otherwise we might have looked at other products or another solution. I haven't heard anything untoward about the first implementation.

It depends on the scope and the size of your business. For us, being small, we're a small firm, Transaction Manager ticks our needs. But if you've got a bigger customer base, maybe more cards out there, maybe more fraud, CA can offer all the tools and technology that you need.

I would choose the tools that you want based on your customer needs, not your fraud loses. There's no point in spending thousands of pounds on a huge solution when actually one of the smaller solutions can meet your needs. We found that quite valuable for us.

It sounds funny, but when looking for a vendor, we've got to get on with the firm. We've got to have a similar culture to our business. Come and visit us. We're quite remote where we're based, so I think to come and have a face to face meeting, that's a big tick in the box without all these conference calls. If CA would do that for us, that's a big win.

We have to get on with the sales person and the project managers. We like the close relationship. That's part of our business is financial services. It's dealing with customers and we like that from our vendors as well. We like the close relationship. That's probably one of the biggest things we look for.

This solution has ensured 100% security for our online card transactions.

We are still unable to implement OTP through email using this solution. That is probably because we are using a Gmail server for sending email. However, I would like to find a solution to send OTP through our email server.

We have used this service for about one year.

We have not had any stability issues yet.

We have not had any scalability issues yet.

I would rate technical support very high. We have faced very few technical issues, but we received prompt support every time.

The installation was straightforward without any hiccups. CA assigned an experienced project manager for us who guided us expertly. We were able to implement the solution smoothly.

At present, we are using ACS server of CA for our 3D Secure Transactions.

This solution is used for our card-not-present transactions. During
transactions, ACS sends a One Time Password (OTP) to the cardholder for verification.

We wanted to send this OTP to the cardholder through both
Mobile and email. We have implemented only OTP through mobile. OTP
through email could not be implemented due to 2 steps authentication in our
email server (we are using a Gmail server).

We are going to use our own email server domain instead of Gmail server.
Once it is done, we would like CA to help us to implement the OTP
sending through email.

I would advise others to go for CA products. The pricing is reasonable.

We evaluated other products. One of them was SunGard’s Ambit and the other one was from a local vendor name Aamra.

Card issuing/acquiring institutes must implement this product to secure their cardholders. The CA solution is a world-class product and others should consider using this solution.

All of the features are valuable in my day-to-day work.

It has added another layer of security in which it reflects customers' confidence in dealing with our organization.

We need more improvement in the Arcot console, which is used in monitoring 3DS transactions for example caching real time transactions rather than getting them after two or three hours.

Six months.

No issues with deployment.

No issues with stability.

No issues with scalabiility.

The technical support is great.

No, this is the first time.

The setup for this product is very straightforward.

No, this is the only product we looked at.

I advise anyone that is looking for a payment security product to choose this solution.

The cardholder configurations and reporting options are the most valuable features.
The user interface is easy to follow and the available options are useful.

An area of improvement for this product would be the ability to view more transactional data to determine the cause of a failed transaction. The current data fields are very limited.

Also, the cardholder experience is not so user-friendly. There are consistent issues with registration and usage of the product.

We have utilized this product for a little over 18 months; less than 2 years.

We have not had stability issues.

We have not had scalability issues.

The technical support team is professional and attentive to our needs and concerns. Issues are resolved in a timely manner with the appropriate follow-up.

We didn’t have a previous solution. We converted as a MasterCard customer.

Setup was straightforward, but I’m not sure if that was because we were a MasterCard customer using the service already.

At this point, I would implement other options due to improvements and MasterCard regulations regarding Identity Check and 2.0.

E-commerce security validations and reporting.

The risk of fraudulent transactions increases when the transactions are done online (e-commerce).CA Transaction Manager helps us ensure the source of e-commerce transactions is a valid merchant and customer.

The deployment process needs to be updated to ensure the base code does not involve details of other clients.

I have used it for around 5-6 years.

We did not encounter any issues with stability.

We did not encounter any issues with scalability.

I rate technical support 4/5.

We did not have a previous solution.

Initial setup of the solution proposed is straightforward.

This is a good product, which is easy to deploy and has lot of user friendly features.